b'Annual Report, \xe2\x80\x9cFederal Information Security Management Act: Fiscal Year 2005 Report\nfrom the Office of Inspector General\xe2\x80\x9d (IG-05-026, September 29, 2005)\n\nThis annual report, submitted as a memorandum from the Inspector General to the NASA\nAdministrator, provides the Office of Management and Budget (OMB) with our\nindependent assessment of NASA\xe2\x80\x99s information technology (IT) security posture. While\nNASA\xe2\x80\x99s leadership implemented several IT security improvements and was formulating\nplans to address many of the IT security concerns we have raised in past audits and\nreviews, many challenges remain. During FY 2005, we found recurring significant\ninternal control weaknesses related to system administrator roles and responsibilities;\nhost and network security; IT contingency plan testing and alternate processing facilities;\nIT risk assessments; certification of IT systems; vulnerability scanning; and peer-to-peer\nfile sharing. The NASA Office of Inspector General will continue to focus audit and\ninvestigative resources on protecting the Agency\xe2\x80\x99s information assets.\n\nThe OMB\xe2\x80\x99s Federal Information Security Management Act (FISMA) Report to Congress\nfor FY 2005 includes information provided by our report. Our report contains NASA\nInformation Technology/Internal Systems Data that is not routinely released under the\nFreedom of Information Act (FOIA). To submit a FOIA request, see the online guide.\n\x0c'